xdi message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: steps to evaluate link contracts
- From: Markus Sabadello <markus.sabadello@gmail.com>
- To: OASIS - XDI TC <xdi@lists.oasis-open.org>
- Date: Sat, 26 Jun 2010 23:14:14 +0200
I'm trying to implement link contracts on the server side according to the patterns at:
http://wiki.oasis-open.org/xdi/PdxExample
The challenge is that for a given
- sender XRI (e.g. =!2222.xxxx.yyyy.zzzz!8888.ssss.tttt.uuuu)
- operation XRI (e.g. $get)
- operation address (e.g. =!1111.aaaa.bbbb.cccc!9999.xxxx.yyyy.zzzz/+tel)
- graph containing link contracts
... a decision has to be made whether to allow the operation or not.
The assumption is that the sender XRI has already been authenticated with a signature, password or some other means, so this only about authorization, not authentication.
I've come up with the following decision algorithm:
1. Find all link contract roots:
A link contract root is a subject that ends in $has and has a /$is$a/$has statement.
2. For each link contract root, find all link contracts:
This is done by following the /$has$a statements from the link contract roots.
A link contract is a subject with a /$is$a statement whose reference ends in $has.
3. For each link contract, find the list of link contract parties:
This is done by appending $a to the subject of the link contract root.
A list of link contract parties is a subject with a /$is$a/$a statement.
The actual parties to the link contract can be found on the /$is$has predicate.
If the following conditions are true:
- The link contract contains the operation XRI in question (e.g. $get)
- The link contract contains the operation address in question, or a superset of that address (e.g. =!1111.aaaa.bbbb.cccc!9999.xxxx.yyyy.zzzz$1/+tel or =!1111.aaaa.bbbb.cccc!9999.xxxx.yyyy.zzzz$1)
- The list of link contract parties includes the sender XRI of the message in question (e.g. =!2222.xxxx.yyyy.zzzz!8888.ssss.tttt.uuuu)
... then allow the operation.
... otherwise proceed to the next link contract / link contract root until none are left, then deny the operation.
------------------------
Pretty complicated, but I can see it working.
I'm attaching a PDF with a subset of the PdxExample.
All the parts I need for the above decision making process are highlighted in YELLOW.
There are however some questions I have,
- What's the point of having the parts that are highlighted in GREEN? I don't seem to need those.
- Does the decision making process have to include the parts highlighted in BLUE? In other words, does it matter who issued the link contract?
Markus
linkcontracts.pdf
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]